https://github.com/itk-dev/itkdev_openid_connect_drupal
A simple OpenID Connect module for Drupal
https://github.com/itk-dev/itkdev_openid_connect_drupal
Last synced: 2 months ago
JSON representation
A simple OpenID Connect module for Drupal
- Host: GitHub
- URL: https://github.com/itk-dev/itkdev_openid_connect_drupal
- Owner: itk-dev
- Archived: true
- Created: 2021-03-15T14:38:51.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2021-06-24T07:57:59.000Z (almost 5 years ago)
- Last Synced: 2024-04-15T00:40:59.477Z (almost 2 years ago)
- Language: PHP
- Size: 44.9 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# OpenID Connect
A simple OpenID Connect module for Drupal.
## Installation
```sh
composer require itk-dev/itkdev_openid_connect_drupal
vendor/bin/drush pm:enable itkdev_openid_connect_drupal
```
### Configuration
```php
$config['itkdev_openid_connect_drupal']['authenticators']['generic'] = [
// Optional name.
'name' => 'Azure B2C',
// Optional. Default: FALSE
'show_on_login_form' => TRUE,
// Optional. Redirect after login (default: )
'default_location' => '/content',
// Optional. Default: FALSE
'debug => TRUE,
// Required OpenID Connect Discovery url (cf. https://swagger.io/docs/specification/authentication/openid-connect-discovery/)
'openid_connect_discovery_url' => …,
// Required client id.
'client_id' => …,
// Required client secret.
'client_secret' => …,
// Required map from user field to claim name.
'fields' => [
// Mapping `name` is required.
'name' => 'upn',
// Mapping `mail` is required.
'mail' => 'email',
// Additional user fields.
'field_first_name' => 'given_name',
'field_last_name' => 'family_name',
// Mapping `roles` is optional, but recommended.
'roles' => 'role',
],
'roles => [
// Optional map from OpenID role name to list of Drupal role (machine) names (or a single name).
'map' => [
'admin' => ['administrator', 'user_manager'],
'user' => 'authenticated',
],
// Optional default Drupal role (machine) names that users will always get.
'default => [
'employee',
],
],
];
$config['itkdev_openid_connect_drupal']['authenticators']['userid'] = [
'openid_connect_discovery_url' => …,
'client_id' => …,
'client_secret' => …,
…,
'default_roles' => [
'user',
],
];
```
## Usage
To authenticate using one of the defined authenticators, the user must be sent
to `/itkdev_openid_connect_drupal/authenticate/«key»`, where `«key»` is one of
the authenticators defined in config (i.e. `generic` or `userid` in the example
above).
Generate the authentication url with code like
```php
Url::fromRoute('itkdev_openid_connect_drupal.openid_connect, ['key' => $key])
```
## Development
### Coding standards
```sh
composer install
composer coding-standards-check
composer coding-standards-apply
```